Employee Handbook

14.22 HIPAA Privacy Training Program

14.22.1 Policy Statement

The Health Plan must train all relevant members of its workforce on HIPAA policies and procedures, as necessary and appropriate for the members of the workforce to carry out their function within the Health Plan.

14.22.2 Policy Interpretation and Implementation

HIPAA Training Program

To ensure the confidentiality of individual's protected health information (PHI), HIPAA training (HIPAA Training) shall be provided for all relevant employees of the Plan Sponsor who have responsibilities involving the use/disclosure of PHI, and other workforce members as deemed necessary within the sole discretion of the Privacy Officer. It is the Privacy Officer's responsibility to oversee such HIPAA Training.



Workforce Members

An employee/workforce member, for the purposes of this policy, means any employee, trainee, volunteer, or any other person(s) whose conduct, in the performance of work for the Health Plan, is under the direct control/supervision of the Health Plan, regardless of payment source.



Content of HIPAA Training Program


The HIPAA Training shall include, but is not limited to:

  • An overview of the HIPAA privacy regulations relative to the identification and protection of PHI.
  • A review of the Health Plan's HIPAA policies and procedures;
  • Permissible uses and disclosures of PHI;
  • Application of the Health Plan's HIPAA policies and procedures to employee's job responsibilities;
  • The identity and location of the Health Plan's HIPAA Privacy Officer;
  • The requirement that all employees report any potential violations of the Health Plan's policies and procedures or the HIPAA regulations, whether caused by a workforce member or a service provider, to the Privacy Officer; and
  • Other information relative to the protection and security of PHI.



Newly Hired Employees/

Business Associates

Before being allowed access to PHI, all newly hired employees, and employees new to a position requiring access to PHI, shall be required to sign and date a written acknowledgement that the new employee has completed HIPAA Training.



Acknowledgment of Training Attendance

Department directors will be required to have a signed and dated written acknowledgment that the new employee has completed HIPAA Training before being allowed access to PHI.



Attendance Records

The HIPAA Privacy Officer shall maintain a record of all personnel who attend HIPAA Training. Such records shall be maintained in accordance with the Document Retention Policy .



Annual Training

Updated training shall take place at least annually. Should a change in the training program or security systems occur before an annual training session occurs, impacted employees shall receive interim training materials or abbreviated instructions.



Record Retention

A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.



Privacy Officer

The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280.




Violations of this policy will be subject to discipline.